データ制御の精度を高めるカスタムリージョンの導入
Cloudflareは、データ主権要件に対応するため、Regional Servicesにトルコ、UAE、IRAP、ISMAPの事前定義地域を追加し、顧客がデータ処理地域をカスタマイズできる「Custom Regions」を導入した。
キーポイント
地域サービスの拡張
Regional Servicesの事前定義地域にトルコ、UAE、IRAP(豪州)、ISMAP(日本)を追加し、合計35地域となった。
Custom Regionsの導入
顧客がデータ処理地域を独自に定義できる「Custom Regions」を発表し、より柔軟なデータ主権対応を可能にした。
グローバルセキュリティとローカルコンプライアンスの両立
グローバルネットワークでDDoS防御を行いながら、指定地域内でのみデータを復号・処理する独自アーキテクチャを採用している。
データ主権要件への対応強化
各国のデータ保護規制(GDPRなど)や業界固有のコンプライアンス要件に対応するためのツールを提供している。
カスタムリージョンの定義方法
カスタムリージョンでは、ISO国コードを使用した表現式でリージョンメンバーシップを定義でき、単一国、複数国の組み合わせ、特定国の除外など柔軟な設定が可能です。
カスタムリージョンの主な活用事例
AI推論の地域化、ハイパーターゲット型プロモーションの実施、政府契約への対応、企業組織構造との整合など、多様なユースケースに対応できます。
Custom Regionsのメンバーシップ管理
データセンターのメタデータに基づいてリージョンのメンバーシップセットを評価し、Cloudflareのインフラが進化するにつれて自動的に更新されるため、ユーザーはデータセンターの追加や削除を気にする必要がない。
影響分析・編集コメントを表示
影響分析
この発表は、データ主権規制が強化される中で、クラウドプロバイダーが地域別データ処理機能を拡充していることを示している。特にCustom Regionsの導入は、企業が自社のコンプライアンス要件に合わせてデータ処理ポリシーを細かく制御できるようになる点で、クラウドサービスの柔軟性を大きく向上させる。
編集コメント
AI業界との直接的な関連性は低いが、データ規制対応が重要なテーマとなる中で、クラウドインフラのデータ管理機能強化はAIシステムの展開にも影響を与える可能性がある。
お客様のニーズに完全に対応するため、カスタムリージョンの初期設定は共同作業プロセスとなります。開始するには、担当のアカウントチームにご連絡ください。お客様と協力してリージョンを定義し、デプロイを行います。このサービスは現在セルフサービスではありませんが、技術開発を継続しており、機能の成熟に伴い見直していく予定です。一部技術的な制限が適用される場合があります。詳細については、ソリューションエンジニアが最適な相談窓口となります。
データ制御の強化にご興味はありませんか?
Regional Servicesについて詳しく知りたい場合は、担当のアカウントチームにお問い合わせください。まだCloudflareをご利用でない場合は、こちらからお申し込みください。こちらのフォームにご記入いただければ、すぐにご連絡いたします。
原文を表示
A key part of our mission to help build a better Internet is giving our customers the tools they need to operate securely and efficiently, no matter their compliance requirements. Our Regional Services product helps customers do just that, allowing them to meet data sovereignty legal obligations using the power of Cloudflare’s global network.
Today, we're taking two major steps forward: First, we’re expanding the pre-defined regions for Regional Services to include Turkey, the United Arab Emirates (UAE), IRAP (Australian compliance) and ISMAP (Japanese compliance). Second, we’re introducing the next evolution of our platform: Custom Regions.
Global security, local compliance: the Regional Services advantage
Before we dive into what’s new, let’s revisit how Regional Services provides the best of both worlds: local compliance and global-scale security. Our approach is fundamentally different from many sovereign cloud providers. Instead of isolating your traffic to a single geography (and a smaller capacity for attack mitigation), we leverage the full scale of our global network for protection and only inspect your data where you tell us to.
Here’s an overview of how it works:
Global ingestion & L3/L4 DDoS defense: Traffic is ingested at the closest Cloudflare data center, wherever in the world that may be. At this initial entry point, we apply our massive-scale DDoS mitigation to block volumetric attacks at the network and transport layers. This happens outside your designated region, ensuring only clean traffic is forwarded.
Intelligent in-region routing: Before any decryption occurs, we inspect the request's metadata. If it has arrived at a data center outside your specified region, we route it across our secure, private backbone to a data center within your boundaries, using the most performant pathway.
In-region TLS termination & L7 processing: Only once the traffic is confirmed to be within your chosen region do we decrypt the request. It is only then that we apply our application-layer security services, like our Web Application Firewall (WAF) or Bot Management, and execute any Cloudflare Workers logic.
Secure transit to origin: Once processed, the request is re-encrypted and securely sent to your origin server.
This unique architecture means you can localize data inspection as needed to meet your legal obligations without sacrificing the robust DDoS protection that only a massive global network can provide.
New options available within Cloudflare Managed Regions
When we launched Regional Services in 2020, we started with just three regions: EU, UK, and U.S. Over time we have added regions that are shared across all accounts — we refer to these as Cloudflare Managed Regions.
A few more are newly available: Turkey, the United Arab Emirates (UAE), and IRAP (Australian compliance), bringing our total to 35 regions.
In addition, we are now giving our customers the ability to request a custom region that meets their account needs. These are Custom Regions, launching today.
Beyond pre-defined boundaries: introducing Custom Regions
While our 35 pre-defined regions serve many of our customers’ needs, the digital world isn't one-size-fits-all. We've heard you loud and clear: you've asked for a specific country, unique combinations of countries, and the ability to exclude a set of countries from a region.
That's why we're excited to announce the next evolution of Regional Services: Custom Regions.
Simply put, Custom Regions give you the power to define your own geographical boundaries for traffic processing. Instead of choosing from a list of regions defined by us, you tell us precisely which locations constitute your region.
This flexibility unlocks a new level of control. Our early-access customers have already used Custom Regions to:
Regionalize AI inference: Keep LLM prompts and responses within a specific set of countries to optimize for performance and data localization legal obligations.
Launch hyper-targeted promotions: Serve marketing campaigns and content that are optimized for a unique combination of countries.
Scale government operations: Build regions that align with contractual commitments with government entities.
Mirror your corporate structure: Build regions that match your internal business units, like EMEA, MENA, or APAC, for perfectly aligned governance.
The core mechanism is the same; the only thing that changes is the boundary. Instead of Cloudflare defining the region, you do.
The possibilities are endless. For example, your region could be:
North America: Canada, United States, Mexico
Everywhere except North America: Not Canada, not United States, not Mexico
Countries that use Fahrenheit: USA, Bahamas, Cayman Islands, Marshall Islands, Liberia
How Regional Services works
At the core of Regional Services is enforcement of a simple rule: TLS termination and Layer 7 processing only happen inside your chosen region. Custom Regions expands this capability by allowing you to choose your own region definitions.
Cloudflare Managed Regions and Custom Regions rely on three building blocks: defining region membership, selecting an in-region destination, and enforcing the boundary at the edge.
Defining region membership
A region is ultimately a set of Cloudflare data centers.
Cloudflare managed regions use a pre-defined membership set.
Custom Regions define membership with an expression. The most common field is country_code: the ISO code where each data center is located:
Use case
Expression
Definition
Single country
country_code == "TR"
Turkey
Multiple countries
country_code in ["DE", "FR", "NL"]
Germany, France, and the Netherlands
Exclude countries
!(country_code in ["US", "CA", "MX"])
Everything except the U.S., Canada, and Mexico
That expression is evaluated against data centers' metadata. Matches become your region's membership set and are distributed globally, so every data center can quickly answer: "Am I in this region?"
As Cloudflare's infrastructure evolves, membership updates, so new matching data centers can join automatically. You do not need to worry about when data centers are added or removed from the definition; Cloudflare takes care of that for you.
Calculating optimal in-region routing
If a request enters Cloudflare outside your region, the next step is choosing the best in-region destination for that ingress location.
Cloudflare's selection is a two-step process:
Allowed destinations: the region's membership set (which data centers are in-region)
Best destination for this ingress: a performance-ranked list tailored to the data center where the request entered our network
These per-ingress rankings are computed centrally and distributed to the edge via Quicksilver. They are built from measured path quality across our network (not just physical distance), using signals like:
Network performance: Latency and reliability indicators (for example, loss and timeouts)
Capacity and load: Available resources and current utilization
Operational status: Health and availability
At routing time, we intersect the ranked list with the region membership set and choose from the top candidates. The final choice is validated against live availability: destinations that are disabled or otherwise unreachable are skipped, so traffic can fail over to the next best in-region option.
Enforcing the boundary
This is the process when a request arrives at Cloudflare:
Ingress. The request lands at the nearest data center. Layer 3/4 DDoS mitigation is applied immediately.
Configuration lookup. Is a region configured for this zone?
Membership check. Is this data center in the configured region?
Routing decision.
In region: Process locally. TLS termination and all Layer 7 services run here.
Out of region: An in-region data center is selected, and the request is forwarded over Cloudflare's private backbone.
In-region processing. TLS is terminated for the first time. Layer 7 services run here.
Origin connection. The processed request is sent to your origin.
As noted above, Cloudflare does not decrypt the request outside your defined region. Instead, we forward it to the closest data center inside your region, where decryption and Layer 7 services occur.
How we handle errors
Resilience is built in at multiple layers:
Multiple candidates: Routing considers multiple in-region options and selects an available destination in real time.
Health-aware routing: Unhealthy or disabled data centers are excluded.
Data quality gates: Fresh routing inputs are only published when sufficient monitoring data is available.
Fail-close design: If no valid in-region destination exists, the connection fails rather than processing outside your region.
image
How to get started
The new Cloudflare managed regions are available now for customers using Regional Services. If you would like to use these, just follow the standard process to enable it via the Cloudflare Dashboard or via the Cloudflare API. Custom Regions are new and follow a different process.
To ensure a perfect fit for your needs, the initial setup for Custom Regions is a collaborative process. To get started, simply reach out to your account team. They will work with you to define your region and get it deployed. While the service is not yet self-serve, we are continuously developing the technology and will revisit this as the feature matures. Please note that some technical limitations may apply, and your solutions engineer is the perfect person to discuss the details with.
Interested in taking control of your data?
If you are interested in learning more about Regional Services, please contact your account team. If you’re not yet a Cloudflare customer, we would love to have you. Fill out this form, and we’ll be in touch with you soon.
関連記事
今日のまとめ
AI日報で今日の重要ニュースをまとめ読み